IOT EDGE PLAYBOOK
RSAC 2020 and the IoT Edge
With 500+ sessions and 30 Keynotes to possibly attend during the show, it is important to be strategic
with your time to get the most from RSAC 2020. Allegro can help – we have put together our Annual
IOT EDGE PLAYBOOK for RSAC 2020 highlighting specific sessions and keynotes that are directly
applicable to security issues for IoT edge devices.
When you have a chance, stop by our booth #4610 and let’s talk security. We look forward to seeing you
on the IOT EDGE!
allegrosoft.com/rsac2020
SUMMARY
Monday
• Emerging Threats | Monday, February 24 | 8:30AM - 5:00PM | Moscone West
Tuesday
• Shodan 2.0: The World’s Most Dangerous Search Engine Goes on the Defensive | Tuesday, February 25 | 11:00AM - 11:50AM | Moscone West
• Using the Hacker Persona to Build Your DevSecOps Pipeline | Tuesday, February 25 | 11:00AM - 11:50AM | Moscone West
• Bringing Down the Empire—The Internet of Medical Things (IoMT) | Tuesday, February 25 | 1:00PM - 1:50PM | Moscone South
• Market Trends in DNS Privacy DoH and DoT | Tuesday, February 25 | 1:40PM - 2:00PM | Moscone South
• Security Starts Here … Identity | Tuesday, February 25 | 2:10PM - 2:30PM | Moscone South
• CyBEER Ops | Tuesday, February 25 | 4:00PM - 6:00PM
Wednesday
• Practical Use of MUD Specification to Support Access Control in the IoT | Wednesday, February 26 | 8:00AM - 8:30AM | Moscone South
• Creating a Minimum Security Baseline & Aligned Standards for Consumer IoT | Wednesday, February 26 | 8:00AM - 8:50AM | Moscone West
• Building a Comprehensive IoT Security Testing Methodology | Wednesday, February 26 | 9:20AM - 10:10AM | Moscone West
• Product Security Meets Human Life: Inoculating Medical Devices | Wednesday, February 26 | 10:00AM - 10:30AM | Moscone South
• Stopping the Proliferation of IoT Botnets: Is Dynamic Analysis the Answer? | Wednesday, February 26 | 1:30PM - 2:20PM | Moscone South
• HTTPS: Why Privacy Doesn’t Equal Security | Wednesday, February 26 | 1:30PM - 2:20PM | Moscone South
• What’s in the Box? Software Bill of Materials for IoT | Wednesday, February 26 | 1:40PM - 2:10PM | Moscone South
• Next-Gen IoT Botnets 3: Bad Implementations of Good Cloud Platforms | Wednesday, February 26 | 2:20PM - 2:50PM | Moscone South
• Have You Secured Your Un-agentable Things? | Wednesday, February 26 | 2:40PM - 3:00PM | Moscone South
Thursday
• Industry Standards to Support Supply Chain Risk Management for Firmware | Thursday, February 27 | 8:00AM - 8:30AM | Moscone South
• Putting Access Management for the Internet of Things into Practice with MUD | Thursday, February 27 | 8:00AM - 8:50AM | Moscone West
• You, Me and FIPS 140-3: A Guide to the New Standard and Transition | Thursday, February 27 | 8:00AM - 8:50AM | Moscone West
• MITRE ATT&CK: The Sequel | Thursday, February 27 | 9:20AM - 10:10AM | Moscone West
• Top 10 List for Securing Your IT/OT Environment | Thursday, February 27 | 9:20AM - 10:10AM | Moscone West
• IoT Bug Hunting: From Shells to Responsible Disclosure | Thursday, February 27 | 10:00AM - 10:30AM | Moscone South
• Evolution of AIOps to Watch over Smart City IoT | Thursday, February 27 | 11:20AM - 11:50AM | Moscone South
• Automotive/IoT Network Exploits: From Static Analysis to Reliable Exploits | Thursday, February 27 | 1:30PM - 2:20PM | Moscone West
Emerging Threats | Monday, February 24 | 8:30AM - 5:00PM | Moscone West
Participants:
Deborah Blyth - CISO, State of Colorado
Chris Cochran - Threat Intelligence Lead, Netflix
Joel DeCapua - Special Agent, FBI
Jon DiMaggio - Sr. Threat Intelligence Analyst, Symantec
Michael Ekstrom - Lead Cybersecurity Engineer, National Cybersecurity Center of Excellence
Timothy Gallo - Solutions Architect, Service and Intelligence, FireEye
William Hall - Senior Counsel, US Department of Justice, Computer Crime and Intellectual Property Section
Amanda House - Data Scientist, McAfee
Daniel Kapellmann Zafra - Technical Analysis Manager, Cyber Physical, FireEye
Jin Wook Kim - CERT Manager, WINS
Sherin Mathews - Senior Data Scientist, McAfee
Anthony Nash - Director of Cyber Intelligence Strategy, Anomali
Dick O’Brien - Principal Editor, Symantec
Nicole Perlroth - Investigative Journalist, NY Times
Lieutenant Gustavo Rodriguez - Lieutenant, FBI NY Cyber Task Force, NYPD
David Sancho - Senior Threat Researcher, Trend Micro
Anne Townsend - Principal Cybersecurity Engineer, National Cybersecurity Center of Excellence
William Wade - Chief Information Security Officer, City of Atlanta
Wendi Whitmore - Global Lead, X-Force Incident Response, IBM
Related RSA Articles:
• Security Investigative Journalists Speak Out (Nicole Perlroth)
• RSAC TV: CBSi Interview with Wendi Whitmore
• I Find Your Lack of Security Strategy Disturbing (Deborah Blyth)
Related Internet Articles:
• Show 138: Nicole Perlroth Discusses Life as a Cyber Security Journalist
• Task Force Takes ‘Whole Government’ Approach (Gustavo Rodriguez)
• Ransomware (Wendi Whitmore)
• Make Your Own Luck: Key Strategies for Building Your Career (Wendi Whitmore)
• A short history of cyber espionage (Dick O’Brien)
• Working in Cyber Security: “Work for the role you want to be in and not the role you are in today” (Jon DiMaggio)
• Examining the Thriving Underground Software Business (David Sancho)
• Colorado builds internal firewalls to amp up cybersecurity (Deborah Blyth)
• ICS Tactical Security Trends: Analysis of the Most Frequent Security Risks Observed in the Field (Daniel Kapellmann Zafra)
• Fantastic information and where to find it: a guidebook to open-source OT reconnaissance (Daniel Kapellmann Zafra)
• Meet The Former Marine Who Went Viral Joining Netflix as Threat Intelligence Lead (Chris Cochran)
• Ransomware: Defending Against Digital Extortion (Timothy Gallo)
Event Link: https://www.rsaconference.com/usa/agenda/emerging-threats
Welcome Session | Monday, February 24 | 5:00PM - 7:00PM | Show Floor - Booth #4610
We invite everyone to kick off RSAC 2020 with drinks and hors d’oeuvres as you preview solutions from leading information security organizations and IoT vendors in the Expo.
We especially invite everyone to stop by the Allegro Booth #4610 to learn more about securing the IoT edge.
Shodan 2.0: The World’s Most Dangerous Search Engine Goes on the Defensive | Tuesday, February 25 | 11:00AM - 11:50AM | Moscone West
Participants:
Dr. Michael Mylrea - Senior Technical Advisor for Cybersecurity, Pacific Northwest National Laboratory
Related Internet Articles:
• Michael Mylrea’s research while affiliated with Pacific Northwest National Laboratory and other places
• Buildings Cybersecurity: Opportunities, Challenges and Solutions
• Blockchain Unchained: Cybersecurity Implications & Market Overview
Using the Hacker Persona to Build Your DevSecOps Pipeline | Tuesday, February 25 | 11:00AM - 11:50AM | Moscone West
Participants:
Dr. Aaron Estes - Lockheed Martin Fellow, Lockheed Martin Corporation
Robin Yeman - Lockheed Martin Fellow, Lockheed Martin
Related Internet Articles:
• Speed of Delivery using Agile for Hardware - Robin Yeman
• DoD Science Board Report - Robin Yeman
• How large government contractors are utilizing Agile and DevOps - Suzette Johnson and Robin Yeman
Bringing Down the Empire—The Internet of Medical Things (IoMT) | Tuesday, February 25 | 1:00PM - 1:50PM | Moscone West
Participants:
Axelle Apvrille - Principal Security Researcher, Fortinet
Aamir Lakhani - Senior Red Team Researcher, Fortinet
Related Internet Articles:
Axelle Apvrille
• Reversing Internet of Things from Mobile Applications
• Cryptocurrency mobile malware
• Ph0wn smart devices CTF: Behind the Scenes
• Medical IoT for diabetes and cybercrime
Aamir Lakhani
• Threat Landscape Trends - TheCube
• Cybersecurity Threat Landscape
• Code Wars
• Understanding Cryptocurrencies, Bitcoins, and Blockchains LiveLessons
• Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer
• Digital Forensics and Cyber Crime with Kali Linux Fundamentals LiveLessons
Market Trends in DNS Privacy DoH and DoT | Tuesday, February 25 | 1:40PM - 2:00PM | Moscone South (Infoblox)
Topic: Two evolving improvements to DNS privacy have recently made the news: DNS over HTTPS, or “DoH,” and DNS over TLS (Transport Layer Security), or “DoT.” We want to educate you on what these changes to DNS are, why they are coming about, and our recommendations on what companies should do to act now. Both mechanisms change how DNS operates, and they create difficulties for security administrators by circumventing established DNS security controls. It will be interesting to see how this might affect IoT devices at the edge of a network.
Security Starts Here … Identity | Tuesday, February 25 | 2:10PM - 2:30PM | Moscone South (One Identity)
Topic: Often missed in the bright lights of innovation, digital transformation and a move to the cloud is the immutable reality that security can’t be ignored. This session highlights the benefits of simple identity practices and integrated solutions. You will walk away with an understanding of how to secure your organization and establish a rock-solid foundation of identity governance and administration, and privileged access management.
CyBEER Ops | Tuesday, February 25 | 4:30PM - 6:00PM
We invite everyone to the Expo floor to sample CyBEERs from around the globe.
Don’t forget to stop by the Allegro Booth #4610 to discuss the latest in IoT edge device security.
Practical Use of the MUD Specification to Support Access Control in the IoT | Wednesday, February 26 | 8:00AM - 8:30AM | Moscone South
Participants:
Dr. Parisa Grayeli - Manager, NCCoE MUD Laboratory, Mitre/NCCoE
Blaine Mulugeta - Cyber Security Engineer, Mitre/NCCoE
Related Internet Articles:
Blaine Mulugeta
• Won’t Get Fooled Again: The expected future of IoT malware and what to do about it.
• Multifactor Authentication for E-Commerce
Creating a Minimum Security Baseline and Aligned Standards for Consumer IoT | Wednesday, February 26 | 8:00AM - 8:50AM | Moscone West
Participants:
Jasper Pandza - Standards Development Lead for Consumer IoT Security, UK Department for Digital, Culture, Media and Sport (DCMS)
Related Internet Articles:
• ETSI standard on consumer IoT security: key steps to secure ‘smart’ products
• Improving the Security of Consumer IoT: A New Code of Practice
• Plutonium and China’s Future Nuclear Fuel Cycle
Building a Comprehensive IoT Security Testing Methodology | Wednesday, February 26 | 9:20AM - 10:10AM | Moscone West
Participants:
Deral Heiland - Research Lead, IoT, Rapid7
Related Internet Articles:
• Rapid7 Blog
• DerbyCon 2018, Deral Heiland’s ‘Hardware Slashing, Smashing And Reconstructing For Root Access’
• Deral Heiland, Seamless Podcast with Darin Andersen
• Deral Heiland & Abyss of Cybersecurity - John Bumgarner
• How a security researcher is tackling IoT security testing
Product Security Meets Human Life: Inoculating Medical Devices | Wednesday, February 26 | 10:00AM - 10:30AM | Moscone South
Participants:
Sara Bohan - Senior Information Security Analyst, Mayo Clinic
Adam Brand - Managing Director, PwC
Tara Larson - Chief Security Architect-Product Security Director, Abbott
Scott Nichols - Director, Global Product Privacy and Cybersecurity, Danaher/Beckman-Coulter
Related RSA Article:
Adam Brand
• Medical Device Security: Getting Executive Buy-In
Related Internet Articles:
Adam Brand
• Why medical device security is something we should all care about
• Putting medical device security to the test reveals many vulnerabilities
• Medical Devices: Pwnage and Honeypots
• BlueKeep: The latest reminder of our responsibility with connected medical devices
• Medical device security: patient safety and cost considerations
Tara Larson
• Medical Device Cybersecurity Risk Mitigation
• Responding to Challenges in Medical Device Security?
Stopping the Proliferation of IoT Botnets: Is Dynamic Analysis the Answer? | Wednesday, February 26 | 1:30PM - 2:20PM | Moscone South
Participants:
Mounir Hahad - Head of Juniper Threat Labs, Juniper Networks
Khurram Islah - Sr. Staff Engineer, Juniper Networks
Related Internet Articles:
Mounir Hahad
• New ‘unknown’ data breach shows the danger of multicloud
• Equifax, USMC breaches call for more monitoring and credit freezes
• Ransomware-as-a-Service: Hackers’ Big Business
• RSA2018 With Dr. Mounir Hahad, Ph.D., Head of Juniper Threat Labs
HTTPS: Why Privacy Doesn’t Equal Security | Wednesday, February 26 | 1:30PM - 2:20PM | Moscone South
Participants:
David Dufour - Vice President of Cybersecurity and Engineering, Carbonite, an OpenText Company
Hal Lonas - Senior Vice President and CTO, SMB and Consumer, OpenText
Related Internet Articles:
David Dufour
• Cyber Security with David Dufour
• Post RSA 2018 Interview with Webroot’s David Dufour
• Interview: David Dufour, Senior Director of Cybersecurity & Engineering, Webroot
Hal Lonas
• Cybersecurity: An Asymmetrical Game of War
• Hal Lonas on how enterprises are using machine learning for security
• HTTPS: Security vs Privacy | Webroot
• Cybersecurity Sit Down: The Future of Cybersecurity for SMBs | Webroot
What’s in the Box? Software Bill of Materials for IoT | Wednesday, February 26 | 1:40PM - 2:10PM | Moscone South
Participants:
Dr. Allan Friedman - Director of Cybersecurity, NTIA / US Department of Commerce
Related RSA Article:
• Revisiting Public-Private Collaboration: Asian and Global Perspectives
Related Internet Articles:
• Redefining Cybersecurity
• Cyber Safety and Resiliency at the Internet Infrastructure Layer
• Analysis: Changes in US spy programme
• Creating Economic Incentives for Cybersecurity
• Cybersecurity expert on NSA spying and Obama’s policy reform
• Transparency of SW and IoT Components: An Open Approach to Bill of Materials
• Software Bill of Materials (SBOM)
• Cybersecurity researcher Allan Friedman said he is skeptical of Edward Snowden’s claim...
Next-Gen IoT Botnets 3: Bad Implementations of Good Cloud Platforms | Wednesday, February 26 | 2:20PM - 2:50PM | Moscone South
Participants:
Alex Jay Balan - Chief Security Researcher, Bitdefender
Related RSA Article:
• Legal Implications in Ethical Disclosure
Related Internet Articles:
• Exploiting Cloud Synchronization to Hack IOTS
• Privacy: Between Hype and Need
• Next gen IoT Botnets 3 moar ownage
• Short bio
Have You Secured Your Un-agentable Things? | Wednesday, February 26 | 2:40PM - 3:00PM | Moscone South (Armis)
Topic: SCADA and OT devices. Blood infusion pumps and ventilators. Smart TVs, badge readers, and access points. These are a few un-agentable things—and hackers know it. These devices are the new threat landscape. They have no security, they can’t be updated easily, and they can’t host agents. So how can you stay protected? Join Armis and learn about real-life exploits and how to secure these devices.
Industry Standards to Support Supply Chain Risk Management for Firmware | Thursday, February 27 | 8:00AM - 8:30AM | Moscone South
Participants:
Lawrence Reinert - Computer Systems Researcher, National Security Agency
Monty Wiseman - Principal Engineer, Cybersecurity, GE Research
Related Internet Articles:
Monty Wiseman
• Trusted Supply Chain and Remote Provisioning with the Trusted Platform Module
• A Canonical Event Log Structure for IMA
Putting Access Management for the Internet of Things into Practice with MUD | Thursday, February 27 | 8:00AM - 8:50AM | Moscone West
Participants:
L. Jean Camp - Professor, Indiana University
Drew Cohen - Chief Executive Officer, MasterPeace Solutions Ltd
Eliot Lear - Principal Engineer, Cisco - Enterprise Chief Technology Office
Mudumbai Ranganathan - Computer Engineer, National Institute of Standards and Technology
Darshak Thakore - Principal Architect, CableLabs
Related Internet Articles:
Drew Cohen
• The Technado, Episode 101: MasterPeace Solutions’ Drew Cohen
• Masterpeace Solutions President and CEO Drew Cohen: Full Interview
• MasterPeace CEO Drew Cohen Technado Podcast Interview
Eliot Lear
• Roles and RFCs
• It’s Not the Doorbell, It’s the Cloud
• Cited articles
Mudumbai Ranganathan
• Publications
Darshak Thakore
• Micronets: Enterprise-Level Security Is No Longer Just For Enterprises
• CableLabs® Micronets: A New Approach to Securing Home Networks
You, Me and FIPS 140-3: A Guide to the New Standard and Transition | Thursday, February 27 | 8:00AM - 8:50AM | Moscone West
Participants:
Ryan Thomas - CST Laboratory Manager, Acumen Security
Related RSA Article:
• Quick Look: You, Me and FIPS 140-3: A Guide to the New Standard and Transition
MITRE ATT&CK: The Sequel | Thursday, February 27 | 9:20AM - 10:10AM | Moscone West
Participants:
Freddy Dezeure - CEO, Freddy Dezeure BVBA
Richard Struse - Chief Strategist, Cyber Threat Intelligence, MITRE Engenuity
Related RSA Articles:
Freddy Dezeure
• RSAC TV: Interview with Freddy Dezeure
• Assessing the EU Threat Landscape
• Frameworks, Mappings and Metrics: Optimize Your Time as CISO or Auditor
Related Internet Articles:
Freddy Dezeure
• Testimonial CERT-EU
• Threat Model ATT&CK
Richard Struse
• Threat-Informed Defense and MITRE ATT&CK™
• Interview with Richard Struse
• MITRE’s new ‘ATT&CK’ resource an encyclopedia of cyber threats
Top 10 List for Securing Your IT/OT Environment | Thursday, February 27 | 9:20AM - 10:10AM | Moscone West
Participants:
Dawn Cappelli - VP Global Security and Chief Information Security Officer, Rockwell Automation
Roy Gundy - Head of OT Cyber Security, Johnson & Johnson
Related RSA Articles:
Dawn Cappelli
• Getting to Know the New RSAC Advisory Board Members: Dawn Cappelli
Roy Gundy
• Security Coming Together: The Convergence of IT and OT
Related Internet Articles:
Dawn Cappelli
• Insider Threat: Putting Theory Into Practice
• Practical Advice for Submitting to Speak at a Cybersecurity Conference
• IT OT Cybersecurity Convergence Panel Discussion - ARC Industry Forum 2019 Orlando
IoT Bug Hunting: From Shells to Responsible Disclosure | Thursday, February 27 | 10:00AM - 10:30AM | Moscone South
Participants:
Shaun Mirani - Security Analyst, Independent Security Evaluators
Ian Sindermann - Associate Security Analyst 2, Independent Security Evaluators
Related Internet Articles:
Shaun Mirani
• Remotely Exploiting IoT Pet Feeders
• ASUS Routers Overflow with Vulnerabilities
• Show Mi The Vulns: Exploiting Command Injection in Mi Router 3
• Hack Routers, Get Toys: Exploiting the Mi Router 3
• Over a Dozen Vulnerabilities Discovered in ASUSTOR AS-602T
• VPNFilter Threat — How to Prevent, Detect and Mitigate
• Unauthenticated Remote Code Execution in Asustor AS-602T (CVE-2018-12313)
Ian Sindermann
• Hardware Hacking 101 – Lesson 1: Beauty, Your Home Lab and Basic Electronics
• Hardware Hacking 101 – Lesson 2: Classical Hardware Hacking
• Hardware Hacking 101 – Lesson 3: Abusing UART (U Are RooT)
• PART 1: DEF CON Badgelife Hardware Hacking - Introduction In-Circuit Serial Programming (ICSP)
Evolution of AIOps to Watch over Smart City IoT | Thursday, February 27 | 11:20AM - 11:50AM | Moscone South
Participants:
Darren Bennett - Deputy Director, Chief Information Security Officer, City of San Diego
Thomas Caldwell - CTO, Techniche
Related Internet Article:
Darren Bennett
• Bio
Automotive/IoT Network Exploits: From Static Analysis to Reliable Exploits | Thursday, February 27 | 1:30PM - 2:20PM | Moscone West
Participants:
Jonathan Brossard - CEO, Moabi
Related Internet Articles:
• DEF CON 24 - Jonathan Brossard - Intro to Witchcraft Compiler Collection
• Moabi - Post Memory Corruption Memory Analysis - Blackhat 2011 Research
• Moabi - Hardware Backdooring Is Practical - Blackhat 2012 Research
• Interview with Jonathan Brossard, CEO @ MOABI